Note: Since Maven 3.2.1 the password argument should no longer be used (see Tips below for more information). Maven will prompt for the password. Earlier versions of Maven will not prompt for a password, so it must be typed on the command-line in plaintext.

This command will produce an encrypted version of the password, something like

{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}

Store this password in the ${user.home}/.m2/settings-security.xml; it should look like

Escaping curly-brace literals in your password (Since: Maven 2.2.0)

At times, you might find that your password (or the encrypted form of it) may actually contain '{' or '}' as a literal value. If you added such a password as-is to your settings.xml file, you would find that Maven does strange things with it. Specifically, Maven will treat all the characters preceding the '{' literal, and all the characters after the '}' literal, as comments. Obviously, this is not the behavior you want in such a situation. What you really need is a way of escaping the curly-brace literals in your password.

Starting in Maven 2.2.0, you can do just this, with the widely used '\' escape character. If your password looks like this:

jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+{EF1iFQyJQ=

Then, the value you would add to your settings.xml would look like this:

{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+\{EF1iFQyJQ=}

Password Security

Editing settings.xml and running the above commands can still leave your password stored locally in plaintext. You may want to check the following locations:

Shell history (e.g. by running history). You may want to clear your history after encrypting the above passwords

Editor caches (e.g. ~/.viminfo)

Also note that the encrypted passwords can be decrypted by someone that has the master password and settings security file. Keep this file secure (or stored separately) if you expect the possibility that the settings.xml file may be retrieved.

Password Escaping on different platforms

On some platforms it might be neccessary to quote your password based on the content of your password in particular having special characters like %, !, $ etc. in there. For example on Windows you have to be carefull about things like the following:

The following example will not work on Windows:

mvn --encrypt-master-password a!$%^b

whereas the following will work on Windows:

mvn --encrypt-master-password "a!$%^b"

If you are on a linux/unix platform you should use single quotes for the above master password otherwise you will be astonished that the usage of the master-password will not work (caused by the dollar sign and furthermore the exclamation mark).

Prompting for Password

In Maven before version 3.2.1 you have to give the password on command line as argument which means you might need to escape your password. In addition usually the shell stores the full history of commands you have entered, therefore anyone with access to your computer could restore the password from the shell`s history.

Starting with Maven 3.2.1 the password is an optional argument which means if you omit the password you will be prompted for it which prevents all the issues mentioned above.

Therefore we strongly recommend to use Maven 3.2.1 and above to prevent problems with escaping special characters and of course security issues related to bash history or environment issues in relationship with the password.